CyberWire Daily

A remarkable discussion unfolds around the largest ransomware payment ever—$75 million! The average cost of data breaches is nearing a staggering five million dollars. Phishing emails are flooding inboxes due to exploited protections, while new tools emerge to enhance machine learning security. The legal landscape shifts with most charges against SolarWinds dismissed, prompting thoughts on corporate accountability. Plus, wild HDMI techniques reveal data leakage secrets. Tune in for a gripping dive into today’s cybersecurity climate!

Barath Raghavan, a cybersecurity expert, and Bruce Schneier, a leading authority on security tech, dive into the complexities of cyber threats. They discuss South Korea's military intelligence leak to North Korea and the increasing threat landscape. The conversation highlights the importance of building resilience in IT infrastructures through strategic failures. They also explore the convergence of cyber and physical security, emphasizing AI's transformative role in safeguarding critical infrastructure against sophisticated cyber attacks.

John Kindervag, the mind behind the zero trust model, joins Rick Howard for an insightful discussion. They delve into the origins of zero trust, sparked by frustrations with traditional security methods. The conversation shifts to the evolution of this framework, highlighting the necessity for a trust paradigm shift to combat modern threats. Kindervag underscores the importance of differentiating identities, devices, and software in network security. The duo also navigates the practical steps for transitioning to a zero trust strategy, emphasizing a deny-all approach to safeguard critical resources.

Camille Stewart, a cybersecurity attorney with extensive experience in security policy, discusses her journey shaped by a childhood passion for contracts and a tech-savvy upbringing. She emphasizes the importance of blending law and technology to address cybersecurity challenges. Camille shares insights from her roles in various sectors, including Big Tech at Google Play, where she focuses on user safety and informed decision-making. Her unique perspective highlights how technology acts as an equalizer in the legal landscape.

Justin Fanelli, the Acting CTO of the US Navy, dives into how the Navy is revolutionizing its innovation process through private sector collaboration. He discusses the crucial link between military prowess and economic strength, alongside the hurdles entrepreneurs face when transitioning ideas into practice. Fanelli also highlights the Navy's shift to portfolio management for enhancing operational effectiveness and the necessity of data-driven decisions. Finally, he underscores the significance of clear communication and feedback in successfully integrating new technologies.

Dick O'Brien, a cybersecurity researcher from Symantec's Threat Hunter team, discusses the ominous rise of the Black Basta ransomware group. He dives into a specific vulnerability, CVE-2024-26169, which allowed attackers to exploit privilege escalation as a zero-day before being patched. O'Brien outlines the group's origins and operational strategies, reveals their historical ties to the Quackbot botnet, and highlights essential cybersecurity measures for defending against such sophisticated threats. Tune in for vital insights into the evolving landscape of ransomware!

Rick Howard, N2K's Chief Security Officer, teams up with Steve Schmidt, Amazon's CSO, to dive deep into security culture's significance in tech leadership. They discuss the recent indictment of a North Korean hacker and CrowdStrike's recovery efforts. The duo emphasizes the necessity of security awareness training across organizations, highlighting that cybersecurity isn't just a security team's job. They also touch on the SEC's regulatory impact and how innovations like AI are reshaping security challenges, urging adaptive strategies for the future.

A North Korean hacking group targets healthcare, energy, and finance sectors. Leaked documents from Leidos appear on the dark web. A Middle Eastern bank faces a massive DDoS attack. Crowdstrike outage fallout updates. HHS cybersecurity audit reveals cloud security gaps. Docker patches critical vulnerability again. Google enhances Chrome user protections. Threat Vector segment explores social engineering attacks with a focus on vishing and smishing. AI cameras in Paris for the Summer Olympics.

The podcast discusses a malicious code repository on GitHub, Windows vulnerability, ransomware attack in US Virgin Islands, phishing landscape analysis, algorithmic pricing explanations, crackdown on Nigerian Yahoo Boys, fake IT worker getting caught, and a conversation with the co-hosts of Microsoft Security's The Bluehat Podcast.

Acting CTO of N2K, Justin Fanelli, discusses US Navy innovation streamlining. UK shuts down DDoS marketplace. Congress summons Crowdstrike's CEO. Google ditches plan on third-party cookies. FCC settles with Tracfone Wireless. Wiz rejects Google for IPO. Target's AI chatbot fails. Insights on public-private partnerships in cybersecurity and DOD innovation adoption.